Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Application role
Franky wrote:
> In Sql Server an application role can be created so that users cannot
> connect to the database if they don't use the program.
> In that program you first connect to the database and the exec a stored
> procedure using a password. Then you can select, delete, update the
> records in the database. If you use another tool (MsAccess, Query
> analyzer, ...) you cannot select, delete and update the records.
This is a nice feature to have, but IMO is in no way one that can truly enforce security... Is is very easy to change an application and its module name to bypass this database restriction - or to spoof it with a few lines of custom code.
-- BillyReceived on Wed Nov 06 2002 - 07:09:00 CST